#VU88857 Race condition in SSSD - CVE-2023-3758

Cybersecurity Help s.r.o.

Published: 2024-04-19

Vulnerability identifier: #VU88857

Vulnerability risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-3758

CWE-ID: CWE-362

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
SSSD
Web applications / Remote management & hosting panels

Vendor: SSSD

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a race condition where the GPO policy is not consistently applied for authenticated users. A remote user can exploit the race and gain unauthorized access to the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

SSSD: 2.0.0 - 2.9.4

External links
https://access.redhat.com/errata/RHSA-2024:1919
https://access.redhat.com/errata/RHSA-2024:1920
https://access.redhat.com/errata/RHSA-2024:1921
https://access.redhat.com/errata/RHSA-2024:1922
https://access.redhat.com/security/cve/CVE-2023-3758
https://bugzilla.redhat.com/show_bug.cgi?id=2223762
https://github.com/SSSD/sssd/pull/7302

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Anolis OS update for sssd

Multiple vulnerabilities in IBM QRadar SIEM

Amazon Linux AMI update for sssd

Multiple vulnerabilities in Red Hat Ceph Storage 5

Multiple vulnerabilities in Juniper Secure Analytics (JSA)

Multiple vulnerabilities in Dell Cloud Tiering Appliance

Ubuntu update for sssd

Red Hat Enterprise Linux 8 update for sssd

openEuler 22.03 LTS SP2 update for sssd

openEuler 20.03 LTS SP4 update for sssd